Considered a ‘game-changer’ by industry experts, in May 2019, the U.S. Office of Foreign Assets Control (OFAC) released a new framework for improved compliance with U.S. sanctions laws and regulations.
Between 2012 and 2017, the popular beauty brand ‘e.l.f. Cosmetics Inc.’ imported 156 shipments of eyelash kits from two China‑based suppliers.
This wouldn’t be particularly newsworthy, if it weren’t for the fact that the kits contained illegal materials sourced from North Korea, a country where trade with the United States has been either restricted or prohibited for decades. In response, the U.S. Office of Foreign Assets Control (OFAC) announced a nearly $1 million settlement for 156 apparent violations of the North Korea Sanctions Regulations 31 C.F.R. part 510 on January 31st, 2019.
This case appears to be part of a recent trend of tighter OFAC regulations enforcement. In fact, after a year of relatively few enforcement actions (only seven published in 2018) OFAC has already taken several actions over the past few months that highlight its focus on compliance program enhancement. As of June 20th, OFAC had issued penalties in as many as 18 cases. The dollar amounts are also substantially higher, as shown below:
OFAC - Civil Penalties and Enforcement Information
Number of Penalties or Settlements
Total Penalties or Settlements
Recommendations for Sanctions Compliance Programs
This shift ties in well with the new OFAC framework released in May 2019. Regarded by industry experts as a game-changer, this document is – to date – the government’s most robust effort to detail its views on the best practices that companies should follow to ensure compliance with U.S. sanctions laws and regulations.
The document underscores that all companies under U.S. jurisdiction are subject to compliance and enforcement, and describes five major components that every sanctions compliance program (SCP) should include:
- Management commitment
- Risk assessment
- Internal controls
- Testing and auditing
Per OFAC’s new framework, an effective SCP may not be able to completely shield a company from violations, but it could be viewed by OFAC as a mitigating factor upon enforcement.
OFAC Expectations for More Dynamic SCPs
While these guidelines apply to all persons subject to U.S. law, OFAC clarifies that they are not ‘one-size-fits-all’. SCPs should be risk-based, tailored to the size, scope and breadth of an organization and dynamic, meaning not only designed and implemented, but constantly reviewed and updated. In essence, companies need to consistently be aware of potential vulnerabilities and have reliable mechanisms in place to eliminate or correct any activities that may be prohibited by OFAC sanctions.
Beyond those mechanisms, OFAC placed particular focus on allocating responsibility to individuals, especially management, in upholding the regulations and disseminating the culture of compliance within the company. In other words, an effective SCP should not only describe the steps to be taken in monitoring, reviewing, escalating and resolving issues, but also clearly define the individuals playing those roles within the organization.
OFAC also highlighted common areas where SCPs usually fall short:
- Lack of a formal OFAC sanctions compliance program.
- Misinterpreting or failing to understand OFAC regulations.
- Exporting (or re-exporting) U.S.‑origin goods, technology or services to OFAC-sanctioned persons or countries.
- Utilizing the U.S. financial system for commercial transactions involving OFAC-sanctioned persons or countries.
- Facilitating transactions by non-U.S. persons.
- Issues with sanctions screening software updates and filters.
- Improper due diligence on customers and clients.
- De-centralized compliance functions and inconsistent application of a sanctions compliance program.
- Utilizing non-standard payment or commercial practices.
- Individual liability.
Back to the case of e.l.f. Cosmetics, OFAC noted that the company was taking ‘steps to minimize the risk of recurrence of similar conduct in the future’ such as implementing supply chain audits to verify the country of origin for goods and services used in their products, adopting procedures requiring suppliers to sign certificates of compliance and holding mandatory training for employees in both the U.S. and in China.
OFAC’s expectation with the release of its new framework (and tighter enforcement of its regulations) is that companies will proactively implement similar measures and increase internal awareness about the risks of doing business with sanctioned actors and countries.
This content is provided for informational purposes only and should not be considered, or relied upon, as legal advice.